Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
Chrome 58 has dropped support for certificates without Subject Alternative Names.
Moving forward, this might be another reason for you encountering this error.
A workaround is to add the domain names you use as "subjectAltName" (X509v3 Subject Alternative Name). This can be done by changing your OpenSSL configuration (/etc/ssl/openssl.cnf on Linux) and modify the v3_req section to look like this:
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = myserver.net
DNS.2 = sub1.myserver.net
With this in place, not forget to use the -extensions v3_req switch when generating your new certificate. (see also How can I generate a self-signed certificate with SubjectAltName using OpenSSL?)
As Rahul stated, it is a common Chrome and an OSX bug. I was having similar issues in the past. In fact I finally got tired of making the 2 [yes I know it is not many] additional clicks when testing a local site for work.
As for a possible workaround to this issue [using Windows], I would using one of the many self signing certificate utilities available.
Recommended Steps:
- Create a Self Signed Cert
- Import Certificate into Windows Certificate Manager
- Import Certificate in Chrome Certificate Manager
NOTE: Step 3 will resolve the issue experienced once Google addresses the bug...considering the time in has been stale there is no ETA in the foreseeable future.**
As much as I prefer to use Chrome for development, I have found myself in Firefox Developer Edition lately. which does not have this issue.
Hope this helps :)